<?php
/**
 * Author: Hancock
 * Email: 84622365@qq.com
 * Date: 3/23/2016
 * Des: 过滤类
 */
// Direct-access guard: stop immediately unless the INHkMvc constant has
// already been defined (presumably by the framework's entry script; confirm).
if (!defined('INHkMvc')) {
    exit('Access Invalid!');
}

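/**
 * Pattern-based screen for request query strings.
 *
 * This is a blacklist: it flags values that look like SQL or script
 * fragments and nothing else. It complements, and must never replace,
 * parameterized queries and context-aware output encoding, because a
 * blacklist only catches the spellings it was written for.
 */
class filter
{
    /**
     * Body of the PCRE pattern (no delimiters) applied to each parameter value
     * with the "i" and "s" modifiers. The alternatives are, in order:
     *  - a standalone "and"/"or" followed within 1-6 characters by
     *    "=", ">", "<", "in" or "like";
     *  - a C-style comment;
     *  - the opening of a script tag;
     *  - the word EXEC;
     *  - UNION ... SELECT, UPDATE ... SET, INSERT INTO ... VALUES,
     *    SELECT/DELETE ... FROM;
     *  - CREATE/ALTER/DROP/TRUNCATE followed by TABLE or DATABASE.
     */
    private static $filter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    /**
     * Screen every parameter value of a query string against the blacklist
     * and hand any hit to LD().
     *
     * Limits a maintainer should know about:
     *  - Only values are inspected; parameter names are not.
     *  - The first pair when it is named "con" and the second pair when it is
     *    named "act" are skipped entirely, so their values are never matched
     *    here (presumably the router's controller/action; confirm that the
     *    router validates them itself).
     *  - Matching runs on the addslashes()-escaped text, so the 1-6 character
     *    window in the first alternative is measured on escaped input.
     *  - NOTE(review): no URL decoding happens in this method. If the caller
     *    passes the raw query string, values are matched in their encoded
     *    form; confirm against the caller whether decoding is needed first.
     *
     * @param string $query_string Query string in "a=1&b=2" form.
     * @return void Nothing is returned; LD() is called on a hit. LD() is
     *              defined elsewhere and is presumably a log-and-abort
     *              helper (confirm).
     */
    public static function url($query_string)
    {
        $pairs = explode('&', addslashes($query_string));
        foreach ($pairs as $index => $pair) {
            // Split on the first "=" only. Without the limit, a value that
            // itself contains "=" was cut at that point and everything after
            // it was never inspected.
            $parts = explode('=', $pair, 2);
            $name = $parts[0];

            if (($index === 0 && $name === 'con') || ($index === 1 && $name === 'act')) {
                continue;
            }

            // A bare key ("flag" with no "=") has no value to inspect. The
            // original read an undefined offset here. The old is_array()
            // branch is dropped: explode() only ever yields strings.
            if (!isset($parts[1])) {
                continue;
            }

            $verdict = preg_match('/' . self::$filter . '/is', $parts[1]);

            // Fail closed: preg_match() returns false when the engine gives up
            // (for example on a backtrack limit), and an input the filter
            // could not evaluate must not be treated as clean.
            if ($verdict === 1 || $verdict === false) {
                LD("url param is invalid");
            }
        }
    }
}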